Thursday, September 5, 2013

Router Configurations

Creating a user:
# set system login user <username>

Assigning password for the user:
# set system login user <username> authentication plain-text-password
Password: <input password>

Class: A login class in Junos defines the permissions of the users assigned to it.

# set system login user <username> class <type>

In operational mode, we can control the Junos CLI environment. By default, an individual CLI session never times out, however long it stays idle, unless the 'idle-timeout' statement has been included in the user's login class configuration. The timeout can be 0 - 100,000 minutes. Setting the timeout to '0' disables the timeout.
user@router> set cli idle-timeout 60
Idle timeout set to 60 minutes
user@router> set cli idle-timeout 0
Idle timeout disabled

The CLI provides a way to set a login message, which is displayed when a user connects to the host using Telnet or SSH.
[edit]
user@router# set system login message "Insert login message here..."
[edit]
user@router# commit and-quit
commit complete
Insert login message here...
router (ttyp2)
login:
login: user
Password:********
--- JUNOS 12.1R1.9 built 2012-03-24 12:12:49 UTC
user@router>

Forcefully logout a user:
Someone is logged in to the router who shouldn't be and you need to log them out.
user@router> request system logout user <username>

We can view the users who are logged in to the router:
user@router> show system users

We can also send the user a message beforehand using a command:
user@router> request message user <username> message "message goes here"

Authentication Options:
If we have a RADIUS server for user authentication in our network and we want our Junos box to authenticate users against it, we can configure the router as follows.

[edit]
 user@router# set system radius-server 192.168.63.10 secret $1991poppI
 user@router# show system radius-server
 radius-server {
     192.168.63.10 secret "$9$90m6AO1EcyKWLhcYgaZji"; ## SECRET-DATA
 } 
We can choose the password protocol used with the RADIUS server:
user@router# set system radius-options password-protocol mschap-v2
user@router# commit and-quit

We can also set other options for the RADIUS server, such as retry, timeout, etc.

Login Authentication Methods:
If we want to use a RADIUS or TACACS+ server to authenticate user logins to the router, we can also specify a backup login authentication method in case the primary method is unavailable.

user@router# set system authentication-order [ radius password ]
user@router# commit and-quit

With the above command, the router checks the RADIUS server first for user authentication. If the user is not found there, the router falls back to its own local user database for the username and password.
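
The settings covered so far (login message, login-class idle-timeout, RADIUS server and authentication-order) can be checked offline against a saved configuration. The Python script below is an added example, not part of the original post; it assumes the configuration was exported with "show configuration | display set", and the sample lines, class names, user names and addresses in it are constructed.

```python
# Constructed sample in "show configuration | display set" form; all names,
# addresses and secrets are placeholders, not taken from a real device.
SAMPLE = """\
set system login message "Authorized access only"
set system login class ops idle-timeout 15
set system login class ops permissions view
set system login class noc permissions view
set system login user alice class ops
set system login user bob class noc
set system login user carol class super-user
set system radius-server 192.0.2.10 secret "PLACEHOLDER"
set system authentication-order password
"""

def audit(config):
    """Return findings for the login settings this post configures."""
    user_class, timeout, order = {}, {}, []
    banner = radius = False
    for line in config.splitlines():
        t = line.split()
        if t[:2] != ["set", "system"]:
            continue
        if t[2:4] == ["login", "message"]:
            banner = True
        elif t[2:4] == ["login", "class"] and t[5:6] == ["idle-timeout"]:
            timeout[t[4]] = int(t[6])
        elif t[2:4] == ["login", "user"] and t[5:6] == ["class"]:
            user_class[t[4]] = t[6]
        elif t[2:3] == ["radius-server"]:
            radius = True
        elif t[2:3] == ["authentication-order"]:
            # Accept one method per line or the bracketed list form.
            order += [m for m in t[3:] if m not in ("[", "]")]
    findings = []
    if not banner:
        findings.append("no login message configured")
    for user, cls in sorted(user_class.items()):
        # A class without idle-timeout (or with 0) never logs idle sessions out.
        if not timeout.get(cls):
            findings.append(f"user {user}: class {cls} has no idle-timeout")
    if radius and "radius" not in order:
        findings.append("radius-server defined but not in authentication-order")
    if "radius" in order and not radius:
        findings.append("authentication-order lists radius but no radius-server")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

In the sample, bob and carol are flagged because neither the user-defined class noc nor the predefined class super-user carries an idle-timeout, and the RADIUS server is flagged because authentication-order lists only password.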

Deleting a User:
We can delete a user from the router's database:
user@router# delete system login user <username>

Viewing Different Statistics and Logs:
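In the commands below, '[ ]' encloses the available options, separated by '/'. Type the command with one option and without the '[ ]'.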
For SNMP stats:
user@router> show snmp [ statistics/ v3/ rmon ]

For NTP status:
user@router> show ntp [ status/ associations ]

For log messages:
user@router> show log messages
